Description
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
2.13.3
Web app
Sign-in users and call web APIs
Web API
Protected web APIs call downstream web APIs
Token cache serialization
Distributed caches
Description
When upgrading to .NET 8 preview 7, I can no longer log in. ASP.NET Core 8 is using v7.x of the Microsoft.IdentityModel.Protocols.OpenIdConnect while Microsoft.Identity.Web is using v6.x.
Reproduction steps
A basic out-of-the-box setup repros this:
```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration);

var app = builder.Build();

app.MapGet("/", () => "Hello")
    .RequireAuthorization();

app.Run();
```
Also, add the latest preview:
```xml
<PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.0.0-preview4" />
```
Error message
When attempting to hit an API, I get the following error:
www-authenticate: Bearer error="invalid_token"
When I hook into the OnAuthenticationFailed event, I get the following details:
at Microsoft.Identity.Web.Resource.RegisterValidAudience.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) in /_/src/Microsoft.Identity.Web/Resource/RegisterValidAudience.cs:line 66
at Microsoft.IdentityModel.Tokens.Validators.ValidateAudience(IEnumerable`1 audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) in /_/src/Microsoft.IdentityModel.Tokens/Validators.cs:line 71
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.<ValidateTokenPayloadAsync>d__71.MoveNext() in Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.cs:line 1431
at System.Threading.Tasks.ValueTask`1.get_Result() in /_/src/libraries/System.Private.CoreLib/src/System/Threading/Tasks/ValueTask.cs:line 812
at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.<ValidateJWSAsync>d__67.MoveNext() in Microsoft.IdentityModel.JsonWebTokens\JsonWebTokenHandler.cs:line 1340
When I break on exceptions, I see that it's failing because it is expecting the security token to be a JwtSecurityToken, while it is actually a JwtWebToken:
microsoft-identity-web/src/Microsoft.Identity.Web/Resource/RegisterValidAudience.cs
Lines 60 to 64 in a8bf5aa
```csharp
JwtSecurityToken? token = securityToken as JwtSecurityToken;
if (token == null)
{
    throw new SecurityTokenValidationException(IDWebErrorMessage.TokenIsNotJwtToken);
}
```
This appears to be related to #2323
Id Web logs
No response
Relevant code snippets
See the reproduction steps
Regression
No response
Expected behavior
I expect to be able to authenticate and have a useable ClaimsPrincipal
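
The failure mode reported above, a validator that casts to one concrete token class, can be avoided by reading claims from either token type and failing closed on anything else. The following is an added example, not code from Microsoft.Identity.Web or from the issue author; the class name, the `ver`-based audience rule and the placeholder client ID are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper for illustration; not part of Microsoft.Identity.Web.
public sealed class HandlerAgnosticAudienceValidator
{
    private readonly string _clientId; // assumed: the API's application (client) ID

    public HandlerAgnosticAudienceValidator(string clientId) =>
        _clientId = clientId ?? throw new ArgumentNullException(nameof(clientId));

    // Reads claims from whichever token type the configured handler produced.
    // Any other type (or null) fails closed instead of being treated as valid.
    public static IEnumerable<Claim> ReadClaims(SecurityToken token) => token switch
    {
        JsonWebToken jwt => jwt.Claims,            // produced by JsonWebTokenHandler
        JwtSecurityToken legacy => legacy.Claims,  // produced by JwtSecurityTokenHandler
        _ => throw new SecurityTokenValidationException(
            $"Unsupported token type: {token?.GetType().FullName ?? "null"}")
    };

    // Signature matches the Microsoft.IdentityModel.Tokens.AudienceValidator delegate.
    public bool Validate(IEnumerable<string> audiences, SecurityToken securityToken,
        TokenValidationParameters validationParameters)
    {
        IEnumerable<Claim> claims = ReadClaims(securityToken);

        // Assumed rule for this example: tokens with ver == "2.0" carry the client ID
        // as audience, all other tokens carry the api://{clientId} form.
        bool isV2 = claims.Any(c => c.Type == "ver" && c.Value == "2.0");
        string expected = isV2 ? _clientId : $"api://{_clientId}";

        if (audiences is null || !audiences.Contains(expected, StringComparer.Ordinal))
            throw new SecurityTokenInvalidAudienceException(
                $"Audience does not match the expected value '{expected}'.");
        return true;
    }
}

// Wiring in Program.cs, with a constructed placeholder client ID:
// builder.Services.Configure<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme, o =>
//     o.TokenValidationParameters.AudienceValidator =
//         new HandlerAgnosticAudienceValidator("00000000-0000-0000-0000-000000000000").Validate);
```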